hi Jason.
Patching into mainfile.php is almost indispensability.
If someone use the method (xoopsOption[nocommon]=1) and the server is register_globals on, crackers can easily access XOOPS which is not protected by Protector.
Quote:
I do believe there should be some checker included into Protector, though I'm not sure, how to go about that one. At least the described method should be mentioned in the ReadMe, I believe....just my 5c....
Do you mean the tip of checking ?
It is hard to judge.
To describe it means that I teach how to attack XOOPS without Protector.
Anyway, I thank you for the suggestion.